Howard,
Our security expert at Sun consider that the attack could be applied to
LDAP, although it will be more complex to achieve for all the good
reasons you've outline (session-oriented, with explicit authentication
attached to a session, and is a record-oriented ASN.1 encoded protocol
with precisely defined message structure).
The renegotiation in the attack is as far as I understand, driven by the
man in the middle, and so even though OpenLDAP slapd never request the
renegociation, it is still subject to the attack.

Hi Ludo, thanks for the note. Kurt and I were discussing this offline and he
has suggested a possible attack as well. I'm still not convinced of the
details but we'll continue to investigate.

Wondering if we (ApacheDS) can be a possible target, assuming that we
are Java based. Any idea ?